---
- name: OpenStack package repository for RHEL8, noarch only
  copy:
    content: |
      [openstack-for-rhel8]
      name = RHEL OpenStack RPMs
      baseurl = https://infrastructure.fedoraproject.org/repo/rhel/rhel8/other/rhel-8-x86_64-openstack-16-rpms/
      gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
      enabled=1
      gpgcheck=1
      exclude=*x86_64*
    dest: /etc/yum.repos.d/openstack.repo
  tags:
    - config
    - openstack

- name: enable swap in fstab
  mount: name=none src=LABEL=swap
         fstype=swap opts=sw passno=0 dump=0
         state=present
  register: fstab_swap_entry
  tags: swap

- name: mount the swap
  shell: swapon -a
  when: fstab_swap_entry.changed
  tags: swap

- name: install the default profile script
  copy: src=profile.sh dest=/etc/profile.d/copr-hypervisor.sh
  tags: profile_scripts

- name: install libvirt packages
  package: name={{ item }} state=present
  with_items:
  - qemu-kvm
  - libguestfs-tools-c
  - libvirt
  - libvirt-daemon
  - podman
  - virt-install
  - python3-glanceclient
  tags:
    - openstack
    - packages
    - libvirtd

- name: install libvirtd.conf
  copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf
  notify:
  - restart libvirtd
  tags:
  - libvirtd
  - config

- set_fact: image_pool_dir=/libvirt-images image_pool_name=images
  tags: libvirtd

- name: create libvirt image directory
  file: path={{ image_pool_dir }}
        owner=qemu group=qemu mode=ug=rwx,g+s
        state=directory
  tags: libvirtd

- name: mount libvirt image partition
  mount: name={{ image_pool_dir }} src='LABEL=vmvolumes'
         fstype=ext4 state=mounted
  tags: libvirtd

- name: correct selinux
  sefcontext:
    target: "{{ image_pool_dir }}(/.*)?"
    setype: virt_image_t
    state: present
  register: semanage_run
  tags: libvirtd

- name: restorecon
  shell: restorecon -irv "{{ image_pool_dir }}"
  when: semanage_run.changed
  tags: libvirtd

- name: check host-bridge in libvirt
  shell: virsh net-info host-bridge
  register: libvirt_bridge_exists
  failed_when: false
  changed_when: libvirt_bridge_exists.rc != 0
  tags: libvirtd

- name: copy host-bridge config file to host
  copy: src=libvirt-net-bridge.xml
        dest=/root/.tmp-ansible-file.xml
  when: libvirt_bridge_exists.changed
  tags: libvirtd

- name: define host-bridge in libvirt
  shell: |
    virsh net-define /root/.tmp-ansible-file.xml
    virsh net-start host-bridge
    virsh net-autostart host-bridge
  when: libvirt_bridge_exists.changed
  notify: restart libvirtd
  tags: libvirtd

- name: check if image pool exists
  shell: virsh pool-info "{{ image_pool_name }}"
  register: libvirt_pool_exists
  failed_when: false
  changed_when: libvirt_pool_exists.rc != 0
  tags: libvirtd

- name: copy image pool config file to host
  template: src=libvirt-pool-images.xml
            dest=/root/.tmp-ansible-file.xml
  when: libvirt_pool_exists.changed
  tags: libvirtd

- name: define image pool in libvirt
  shell: |
    virsh pool-define /root/.tmp-ansible-file.xml
    virsh pool-start "{{ image_pool_name }}"
    virsh pool-autostart "{{ image_pool_name }}"
  when: libvirt_pool_exists.changed
  notify: restart libvirtd
  tags: libvirtd

- name: allow copr user controlling libvirt
  ini_file:
    path: /usr/lib/systemd/system/libvirtd.socket
    section: Socket
    option: SocketGroup
    value: libvirt
    backup: yes
  notify:
    - reload systemd
    - restart libvirtd.socket
  tags: libvirtd

- name: create the copr user
  user: name=copr uid=11666 group=libvirt groups=qemu password_lock=true

- name: assure that copr-be can ssh there as copr@...
  authorized_key: user=copr key="{{ item }}"
  with_file:
  - buildsys.pub

- name: add root keys for sysadmin-main and other allowed users
  authorized_key: user=copr key="{{ item }}"
  with_lines:
  - "{{ auth_keys_from_fas }} @sysadmin-copr"
  tags:
  - copr_admins
  - config
  - sshkeys

# todo: generate it's own key
- name: make sure hostA can ssh to hostB
  copy:
    src: "{{ private }}/files/copr/buildsys.priv"
    dest: /home/copr/.ssh/id_rsa
    owner: copr
    mode: 0600

- name: provide pub key, too, so we can install them to generated builder images
  copy: src=buildsys.pub dest=/home/copr/.ssh/id_rsa.pub
        owner=copr mode=0600

- name: Enable praiskup-helpers repo
  community.general.copr:
    state: enabled
    name: praiskup/helpers
    # TODO: fix error in the Copr Ansible module:
    # Chroot rhel-8.5-ppc64le does not exist in praiskup/helpers
    chroot: "{{ 'epel-8-x86_64' if ansible_distribution != 'Fedora' else 'fedora-36-x86_64' }}"
  tags:
    - update_helpers
    - packages

- name: install the latest helper package
  package: name=praiskup-helpers state=latest
  tags:
    - update_helpers
    - packages

- name: install configuration for /bin/copr-image
  copy:
    dest: /etc/eimg/eimg.sh
    content: |
      EIMG_COPR_PLAYBOOK_DIR=/home/copr/provision
      EIMG_COPR_PLAYBOOK=local-image-update.yml
      EIMG_FINAL_SYSPREP_ARGS=(--ssh-inject "root:file:$HOME/.ssh/id_rsa.pub"
      --run-command "chcon -v -R -h system_u:object_r:ssh_home_t:s0 /root/.ssh" )
  tags:
    provision_config

- name: setup provision directory
  include_tasks: "{{ roles_path }}/copr/backend/tasks/setup_provisioning_environment.yml"
  vars:
    provision_directory: /home/copr/provision
    provision_user: copr
  tags: always
